Staff —

What the…? Tech stories that made us do a double take

These WTF stories made us laugh, made us cry, made us facepalm.

Gentlemen, you can't fight in here. This is the war room!

This being an election year, there were plenty of strange moments in the political realm. But few could compare with the antics of the House's Committee on Science, Space and Technology, which demonstrated some truly jaw-dropping behavior in the run-up to the elections, with members seemingly trying to outdo each other in demonstrating that they didn't have a clue as to what science is about.

There's always been a background level of weirdness when it comes to the Committee's hearings, since those Representatives who don't want to come up with policy solutions for our carbon emissions have done their best to pretend that the greenhouse effect doesn't exist. But, during the campaign, things got weird when Todd Akin (running for a Senate seat) decided to branch out into biology, claiming that the female reproductive system could sense the degree to which its carrier had been raped and block pregnancies if the affront were serious enough.

But the most staggering moment came when a video surfaced of Georgia's Paul Broun, who also tackled biology. And by "tackled" we mean dismissed it as the work of Satan. According to Broun, all of modern cosmology was also the handiwork of the devil. Although Broun will be returning both to the House and his seat on the science committee in the new year, it's possible to take some comfort in a more amusing WTF moment: thousands of people found his comments so offensive that they wrote in "Charles Darwin" on their ballots during the November 2012 elections.

~John Timmer

Fired wall

A recent search on the Shodan computer search engine found more than 20,000 Niagara AX systems connected to the Internet.

As Security Editor, I routinely chronicle security gaffes by engineers, managers, and online criminals that make the jaw drop. But it wasn't until this month that I covered the most jaw-dropping gaffe of the year. It was exposed in an FBI memo warning that hackers had illegally accessed the Internet-connected controls of an internal heating and air-conditioning system by exploiting a backdoor in a widely used piece of software. As if a backdoor in a mission-critical piece of software that controls critical infrastructure weren't bad enough, the insecurity didn't stop there.

"US Business 1 actively used this system in-house, but also installed the control system for customers, which included banking institutions and other commercial entities," the memo stated, referring to the unidentified heating company. "An IT contractor of US Business 1 confirmed the Niagara control box was directly connected to the Internet with no interposing firewall."

Security experts have long warned about the risks of connecting industrial control systems to the Internet. What made this a WTF moment for me was the revelation that managers at this company not only ignored this advice; they never even bothered to put the system behind a firewall.

But for me, the strangest moment of the year came when I tried to transfer my old Wii game downloads onto my new Wii U. Being confronted with a memory error during this process wasn't that surprising—my Wii was nearly six years old, after all. What was mind-boggling was the series of hoops I had to jump through to recover my purchased content for use on the new system. That included talking to a tech support representative on the phone for two hours, paying $65 to Nintendo and shipping the aging console away for two weeks, only to get it back so I could use a convoluted online tool to transfer a dinky little license file between the systems and then re-download all my games on the Wii U over a matter of hours.

~Kyle Orland

Head in the clouds

The "cloud" is useful for many things, but some companies just can't figure out that not everything needs to be tied to an online service. This year, exhibit 1 was Cisco's decision to replace the local management tool that comes with some of its wireless routers with a cloud service that was not only less capable than the original tool but came with bizarre anti-porn and copyright-related terms of service. Just to regain the ability to manage your router the way you've always done, Cisco users had to agree to terms of service that stated, "You agree not to use or permit the use of the Service: (i) to invade another's privacy; (ii) for obscene, pornographic, or offensive purposes; (iii) to infringe another's rights, including but not limited to any intellectual property rights." At the same time, Cisco's privacy policy gave it the right to track users' network traffic and Internet history.

Cisco backed down completely, letting users return to the previous, better state of affairs, while keeping the cloud service as an option for those who wanted it. But the march of cloud services for things that can be done just as well or better locally continues. Take the example of Razer, which built a gaming mouse that requires an Internet connection to unlock some of its functionality.

~Jon Brodkin

#confessionfail

Finally, there was the iOS app maker that hijacked its users' Twitter accounts in order to post confessions that they had pirated the apps. Only problem (just kidding, there are tons of problems here) was that the system didn't work as intended and posted confessions of piracy for any old user, even legitimate customers who had paid real money to buy the apps.

The hashtag #softwarepirateconfession shows the results of this insane experiment gone wrong. It's a giant stream of identical tweets, each one reading, "How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession."

They come from users of dictionary applications made by Enfour, which activated an anti-piracy module in one of its software updates on November 1. Enfour later blamed the problem on "old code from a previous version of the module that was timed to activate on November 1." Enfour declined to reveal exactly how the module was supposed to identify pirates, but obviously it didn't work properly.

Enfour isn't done—the company said it is working on newer and better ways to identify and shame pirates. Let's hope for the sake of the company's paying customers that the system actually works next time.